Dylan Goes Electric And Innovation In Your Compliance Strategy

This past weekend was the 48^th anniversary of the Newport Folk Festival where Bob Dylan went electric. At this event, Dylan played an electric guitar for the first time publicly. Many of his folk music aficionados were horrified, with some even calling him ‘Judas’. But Dylan changed the face and style of not only his own music and basically created the folk rock genre with that innovation. And of course, he has been electric since that time. Rock on, Bob.

Dylan’s change of style introduces the topic of innovation in your compliance program. Mike Volkov, Donne Boehme, Jeff Kaplan and others often write about creating strategic advantage through your compliance and ethics program. But how can you maintain that strategic advantage? Rita Gunther McGrath, in an article in the June issue of the Harvard Business Review, entitled “Transient Advantage”, says that the “dominant idea in the field of strategy—that success consists of establishing a unique competitive position sustained for long periods of time—is no longer relevant for most businesses.” She believes that businesses need to learn how to launch strategic initiatives “again and again” and that to do so will require a new set of corporate operational capabilities.

I thought about her concept in the context of a compliance program. Certainly innovation is not an alien concept to the compliance practitioner. I have long heard the following quote attributed to former Assistant Attorney General, for the Criminal Division of the US Department of Justice (DOJ), Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” This concept is enshrined in the FCPA Guidance as one of the Ten Hallmarks of an Effective Compliance Program, No. 10 entitled “Continuous Improvement: Periodic Testing and Review”. The Guidance states that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”

McGrath believes that the life cycle of competitive strategy is outdated and needs to be viewed through the lens of a more fast-moving world which requires more corporate dexterity. She provides “a portfolio of transient advantages” that companies need to use in the way they operate around strategies. Using her eight major shifts, I will tie them to the requirements for a constantly evolving compliance strategy.

1. Think about arenas, not industries. In the compliance world, this means you need to look outside your industry for opportunities or issues which might impact your company. Remember the Watts Water Foreign Corrupt Practices Act (FCPA) enforcement action? That came about because the company’s General Counsel (GC) read about another company in another industry which used a similar sales model as Watts Water in China. He wondered if his company might have some FCPA exposure and it turned out that the company did. Similarly, if you are doing business in China today and use travel agencies for travel, entertainment, business courtesies, or any other reasons, I would suggest that you take a close look at those practices as soon as possible, based on what has happened to GlaxoSmithKline PLC (GSK) over the past couple of weeks.
2. Set broad themes, and then let people experiment. Here McGrath talks about ways for a company to “rethink their business model, reinvent their workforces, and rewire their operations.” This is precisely true for the compliance function as well. Most generally, employees want to do business in the right way and ethically. Give them the tools and opportunities to do so through training and support. Two examples might be that if your company still allows facilitation payments, use your employee base to come up with alternative methods of dealing with this issue. You can use smaller employee groups to drive home the message of compliance through less formal training mechanisms which provide more support for them. And here you are only limited by your imagination.
3. Adopt metrics that support entrepreneurial growth. For the compliance practitioner, I think that increased metrics should mean more monitoring on the back end of transactions. This is because it not only makes good compliance sense, it makes good business sense. So if you have a significant sales spike in a new international region or area, what happened and how do you know? In answering these questions, it is clearly important that management understands the business cause of significant sales increases and that there could be other issues involved in the situation that may require consideration by the compliance practitioner.
4. Focus on experiences and solutions to problems. Under this prong, I believe the key is to listen to what your employees have to say. Travel to multiple company locations across the globe and meet with as many employees as possible. You can do this through town hall settings with key employee leaders, meetings with key stakeholders and employees identified as high risk, or in smaller groups. Listen to their  concerns and then use their ideas as suggested enhancements to your compliance program; those ideas can often form the basis of a large core of the enhancements to your existing compliance program. After rolling out your enhanced compliance program, during training, you can then give specific examples of how employee input led to the changes in the enhanced program. This engages the employees and made them feel like they were a part of, and had a vested interest in, the company’s compliance program; which in turn can lead to greater employee buy-in.
5. Build strong relationships and networks. McGrath relates that the most valuable company employees are those with strong internal networks and relationships. This should be music to the ears of a compliance practitioner. Once again the key is engagement but I would also say that it can also be considered internal marketing. For this point I would suggest that you might consider the path taken by Peter Löscher who was hired as the Chief Executive Officer (CEO) of Siemens in 2007, in the depths of the largest bribery and corruption scandal of any company ever (at least to-date). In his first 100 days as CEO, Löscher went on a round the world tour of the company’s facilities, including meetings with customers, local governmental officials and Siemens employees. He accomplished this final component through meetings with local leadership teams, town hall-style meetings with all employees and dinners with top leadership teams in specific locations. He basically learned that Siemens employees were “shocked and ashamed, because they were very proud to be a part of Siemens.” He used these forums as a basis to begin to change the culture of the company which was then enmeshed in what became the world’s largest and most costly bribery and corruption scandal to date.
6. Avoid brutal restructuring; learn healthy disengagement. While McGrath speaks in terms of restructuring, downsizing or mass firings, I believe that this point also has significance for the compliance practitioner. It may be that some of the ‘old ways’ of doing business need to change. Think about facilitation payments and how thinking has evolved on that topic, even in the past couple of years. Whatever you might think of small bribes they can act as an entry level into the wider world of actual bribery and corruption, remember that facilitation payments are not authorized under the UK Bribery Act. If your company has a UK subsidiary or UK citizens working for it you are required to maintain a ‘carve out’ for the UK subsidiary and UK citizens from your exemption of facilitation payments. This is an administrative nightmare for your books and records and one that many companies do not maintain all that well. But a key is your communication on this point.
7. Get systemic about early-age innovation. McGrath believes that you must have a process for filling your innovation pipeline with new initiatives. Similarly, in the FCPA world resting on your laurels will not suffice. Here I think that the advice that my colleague, Stephen Martin, partner at the law firm of Baker and McKenzie, is certainly applicable. Martin suggests that each compliance department have a 1-3-5 year plan for upgrading of your compliance program. Such a plan can be reviewed on regular intervals and updated as new information, ideas or techniques become available. Such a plan can be used as your roadmap for moving forward and can be further supplemented by an annual risk assessment which may look more at the business to determine what or how its changes may have modified its compliance risks.
8. Experiment, iterate, learn. McGrath advises that companies should “focus on experimentation and learning, and be prepared to make a shift or change as new discoveries happen.” In the compliance world, this can mean as new techniques for doing business in compliance become available, as new business models initiate new compliance risks, or as laws change. Witness the recent troubles of GSK in China. I think a clear sign from these events will be the increased anti-corruption enforcement of the Chinese government. It is fair or even right? I do not think that is the question for a compliance practitioner to ask. I think the question should be how can I use this information to help create a more effective compliance program going forward for my company? This might also be a good time to think about the advice I adapted from Michael Maslanka, that being that “all news is good news”. What does this mean for your compliance program? If you make an observation, see if it opens up or closes off other options for you. But the key is to pick an option and then act. And always, as Maslanka suggests, “Repeat until resolution.”

McGrath ends her piece by noting that one thing about strategy that has not changed and that is “it still requires making tough choices”. But by defining how you are going to do business in compliance and then how you will move forward from each new situation that presents itself until the next one will be a critical advantage to keep you from hot water or to help you navigate moving forward with regulators if you find yourself in such a situation.